Water systems are critical components of our infrastructure, supplying communities with the lifeblood they depend on every day. With technology advancing, IT and OT networks and devices have become interconnected, making critical infrastructure, like water facilities, vulnerable to cyber attacks. Recent years have seen an uptick in cyber attacks targeting critical infrastructure, with water facilities becoming prime targets for malicious actors.
Let's examine this trend further and how other organisations can protect themselves from similar attacks.
Rye Brook, New York (2016)
A water utility in Rye Brook fell victim to ransomware, where the hackers gained remote access to information on the status and operation of the dam, including information about the water levels and temperature, and the status of the sluice gate, which is responsible for controlling water levels and flow rates. The hackers demanded payment in Bitcoin to restore control of the systems, highlighting the financial motives behind some attacks.
Oldsmar, Florida (2021)
This highly publicised incident saw a hacker attempt to manipulate the chemical levels in the water treatment system. The cyber criminal boosted the level of sodium hydroxide, a.k.a. lye, in the water supply to 100 times higher than normal, which could have been fatal. Fortunately, an alert operator detected some strange activity and notified his superiors before the water systems delivered water to civilians. This event raised concerns about the vulnerabilities of water facilities to remote cyber attacks.
Aliquippa, Pennsylvania (2023)
The cyber incident took place in November 2023 and affected a massive company that supplies water and other services to over 6,600 customers. The hackers gained control of a system associated with a booster station and exploited known vulnerabilities in Unitronics Vision products, which have been previously identified as potential targets for cyber threats. This incident is a reminder that cybersecurity for critical infrastructure has a long way to go before successfully safeguarding industrial systems.
Motivations Behind Water Facility Attacks
Understanding why these attacks occur is crucial for developing effective cybersecurity strategies. The motivations can vary, but some common factors include:
Ransomware attacks seek financial compensation in exchange for restoring control or preventing the release of sensitive information. These attacks can cripple operations, leading organisations to consider paying the ransom to mitigate the impact.
Nation-states may target water infrastructure for espionage or as part of cyber warfare strategies. Disrupting essential services can be a means of exerting influence or causing economic damage.
Some attacks are politically motivated, driven by ideologies or grievances. Hacktivist groups may target water facilities to make a statement or draw attention to specific issues.
Attacks may originate from within an organisation, either through intentional malice or unintentional actions. Disgruntled employees or contractors with access to critical systems can pose a significant threat.
Enhancing OT Cybersecurity for Water Facilities
To safeguard against cyber threats, water facilities must implement a robust cybersecurity strategy. Key measures include:
As water infrastructure is usually in a remote location, it is important to take steps to eliminate any risks that could arise from cyber attacks. MicroSec provides a solution that can help you understand your cybersecurity posture, security levels, and cyber readiness. Learning from past incidents, understanding the motivations behind attacks, and implementing proactive security measures are critical steps in safeguarding our water systems and ensuring the well-being of communities.